1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
<?php
/* check login script, included in db_connect.php. */
session_start();
if (!isset($_SESSION['username']) || !isset($_SESSION['password'])) {
$logged_in = 0;
return;
} else {
require "configure.php";
require_once 'function_login_block.php';
// remember, $_SESSION['password'] will be encrypted.
if(!get_magic_quotes_gpc()) {
$_SESSION['username'] = addslashes($_SESSION['username']);
}
$checkCmd = "SELECT loginname, loginpassword, role FROM login WHERE loginname = '". $_SESSION['username']. "' AND loginpassword ='". mysql_escape_string($_SESSION['password']) ."'";
//$info['password'] = stripslashes($info['password']);
//$_POST['passwd'] = md5($_POST['passwd']);
$result = mysql_query($checkCmd);
if ( mysql_num_rows($result) > 0)
{
$row = mysql_fetch_array( $result, MYSQL_ASSOC);
if ($row{'role'} == "1") {
insert_login_log($_SESSION['username'], true);
mysql_close();
$logged_in = 1;
} else {
insert_login_log($_SESSION['username'], false);
mysql_close();
$logged_in = 0;
unset($_SESSION['username']);
unset($_SESSION['password']);
}
}
else {
insert_login_log($_SESSION['username'], false);
mysql_close();
$logged_in = 0;
unset($_SESSION['username']);
unset($_SESSION['password']);
// kill incorrect session variables.
}
}
// clean up
unset($db_pass['password']);
$_SESSION['username'] = stripslashes($_SESSION['username']);
?>
|